Skip to content

Operationalize Fivetran GCP deploy path

Problem

Dataface now has a real deploy path to Fivetran's GCP infrastructure, and the pilot runtime has already been exercised on Cloud Run. The remaining risk is that the path is still only partially operationalized: runtime deploys rely on JSON-key auth by default, rollback/monitoring are not fully verified, and the final static-site / ops handoff steps have not been completed. Without closing those gaps, each future deploy still carries avoidable operator risk.

Context

  • This task is about deployment mechanics and operational runbooks for the pilot runtime on Fivetran GCP.
  • Warehouse/data connectivity is tracked separately in task-m1-ft-analytics-connectivity.md.
  • host-dataface-on-fivetran-gcp.md captures the broader hosting program; this task narrows integrations-platform scope to repeatable deploy/rollback/ops path.

Possible Solutions

Plan

  1. Finalize the repeatable deploy path for the pilot services on Fivetran GCP.
  2. Ensure build, deploy, rollback, and env promotion steps are documented and runnable without ad-hoc engineering intervention.
  3. Validate the pipeline with at least one real deployment exercise on the target environment.
  4. Hand off explicit runtime prerequisites to the connectivity task rather than absorbing them here.

Implementation Progress

  • Boundary clarified: this task owns deploy/runbook reliability, not warehouse credentials or application-level connectivity.
  • Pilot runtime has been deployed successfully on internal-dataface-eng.
  • Runtime workflows are now manual-only for Cloud Run services to avoid accidental deploys on every main push.
  • GitHub Actions workflows have been prepared to support either SA JSON key auth or Workload Identity Federation.
  • Remaining work is rollback verification, static-site publish, and live WIF/monitoring setup in GCP.

Review Feedback

  • Review cleared